[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] susefirewall2 problem (SuSE 10.1) [solved]
Am Sonntag, 23. Juli 2006 21:01 schrieb Carlos E. R.:
> The Sunday 2006-07-23 at 16:29 +0200, Jan Ritzerfeld wrote:
> > You should check your /etc/sysconfig/SuSEfirewall2. E.g., by using
> > grep -v "#" /etc/sysconfig/SuSEfirewall2
> > to ensure that all options are well-formed (KEY="VALUE"). If so, try to
> > comment out all options and re-add them one by one until the problem is
> > triggered.
> As far as I can see, they are all well formed, no "#" appears in the
> output. (...).
Oops, the regex was somewhat wrong, or useless. grep -v "^#" would have been
> FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data \
> ## Type: string
> ## Default:
> 192.168.1.11,tcp,ssh \
Argh, such lines would be surpressed, regardless which regex you used.
> I removed the comments in the middle and the error got corrected. I can't
> understand how they got there :-O
Does not matter. You found the error. :)
> > > I'm also getting some strange errors, maybe non related:
> > >
> > > Jul 23 13:13:16 nimrodel kernel: SFW2-OUT-ERROR IN= OUT=eth0
> > > SRC=192.168.1.12 DST=18.104.22.168 LEN=52 TOS=0x00 PREC=0x00 TTL=64
> > > ID=61663 DF PROTO=TCP SPT=24438 DPT=80 WINDOW=2184 RES=0x00 ACK FIN
> > > URGP=0 OPT (0101080A0002D56B70A5E356)
> > > (...).
> > Hmm, you already experienced such log entries some months ago. :)
> > http://lists.suse.com/archive/suse-security/2006-Apr/0056.html
> True enough. But this is the first time I noticed them appearing in the
> log at the same time as I clicked somewhere, ie, repeatable.
For me, this kind of errors was repeatable when using "whois" querying a
special domain, i.e., a special whois server. But I do not think that these
"errors" are harmfull and, so, I just ignore them.
BTW, one of the IP addresses appearing in my SW2-OUT-ERRORs is
22.214.171.124, ftp.suse.com ...
> And previously it was 9.3, now it is 10.1
AFAIK, there was not much change in the SuSEfirewall2 ...
You have taken yourself too seriously.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here